certmagic-admin

command
v1.87.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 27, 2024 License: AGPL-3.0 Imports: 17 Imported by: 0

README

certmagic-admin

This is a tool used to interact directly with certificates stored by CertMagic.

Install

$ go install storj.io/edge/cmd/certmagic-admin

Prerequisites

To run any commands you will need:

  • the certificate storage bucket name
  • the path to a service account key file with permissions to use Google's Cloud Storage

To run obtain, renew, or revoke you also need:

  • permissions for the Google Public CA and Cloud DNS
  • the project name where the DNS zone exists
  • the ACME accounts email address

Usage

Example command:

$ certmagic-admin --keyfile key.json --bucket certmagic_bucket cert show www.example.com

Debug logging can be enabled by using the --log.debug flag.

Commands
List Certificates

Lists all the certificates in storage grouped by issuer.

$ certmagic-admin --keyfile <keyfile> --bucket <bucket_name> cert list
Show Certificate

Show prints a certificate in storage. If there are multiple certificates with the same name the most recent is printed. You must specify --staging to see a certificate from a staging issuer.

$ certmagic-admin --keyfile <keyfile> --bucket <bucket_name> cert show [--staging] <name>
Obtain Certificate

Obtains and stores a certificate for a domain. If the certificate is already in storage this command has no effect. Wildcard certificates are allowed. Certificates with multiple SANs are not supported.

$ certmagic-admin --keyfile <keyfile> --bucket <bucket_name> cert obtain --dnsproject <project> --email <email> [--staging] [--gpublicca] [--letsencrypt] <name>
Renew Certificate

Renew and store a certificate. Specify --force to renew a certificate that is not close to expiring.

$ certmagic-admin --keyfile <keyfile> --bucket <bucket_name> cert renew --dnsproject <project> --email <email> [--staging] [--force] <name>
Revoke certificate

Revoke a certificate and delete it from storage. Disable the issuer that did not issue the certificate being revoked with --gpublicca=false or --letsencrypt=false. The email and ACME account must be the same as the one that issued the certificate. Valid reasons are: unspecified, keyCompromise, affiliationChanged, superseded, cessationOfOperation, priviledgeWithdrawn, aACompromise. A certificate revoked, but unable to fully clean up assets from issuer error message is expected and can be safely ignored.

$ certmagic-admin --keyfile <keyfile> --bucket <bucket_name> cert revoke --email <email> [--staging] [--gpublicca] [--letsencrypt] <name> <reason>

Documentation

The Go Gopher

There is no documentation for this package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL